[dns-operations] DNS deluge for x.p.ctrc.cc
Roland Dobbins
rdobbins at cisco.com
Mon Feb 27 17:03:23 UTC 2006
1. Spoofed traffic isn't the -only- problem. It's a big problem, but
far from the
whole enchilada, heh.
2. This isn't the BCP/38-cum-BCP/84 mailing list, it's the DNS-ops
mailing list.
So, of course the focus is on DNS.
;>
On Feb 27, 2006, at 3:12 AM, Geo wrote:
> Folks,
>
> I think most of you are too into DNS to see the real problem and
> the only
> workable solution I can think of. The problem isn't DNS
> exploitation, it's
> tcp/ip exploitation, ie spoofed traffic.
>
> The solution is ingress/egress filters and finding a good way to test
> netblocks to see if they are filtering for spoofed traffic
> originating on
> their netblock. If you can't spoof with an outside IP, the damange
> you can
> do is limited to the netblock you are on or at the least makes it
> easy to
> track back to your netblock.
>
> Geo.
>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.oarci.net
> http://lists.oarci.net/mailman/listinfo/dns-operations
----------------------------------------------------------------------
Roland Dobbins <rdobbins at cisco.com> // 408.527.6376 voice
Everything has been said. But nobody listens.
-- Roger Shattuck
More information about the dns-operations
mailing list